Author Topic: xcleaner indicates that I have "stealth spector" installed in my computer (Read 1236 times)

iretai · « **on:** October 26, 2006, 01:22:57 PM »

Logfile of HijackThis v1.99.1
Scan saved at 06:28:17 p.m., on 25/10/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\AVPERSONAL\AVGCTRL.EXE
C:\COREL\GRAPHICS8\PROGRAMS\MFINDEXER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVGCtrl] "C:\ARCHIV~1\AVPERS~1\AVGCTRL.EXE" /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARCHIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARCHIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: xxx - {14051602-5C4E-11d6-916B-00E02964E8E3} - C:\WINDOWS\SYSTEM\Sexagonal (file missing)
O16 - DPF: {6ED16EFF-3B18-11D6-9139-00E02964E8E3} (SCDataDialer Class) - http://www.superfamosas.com/download/cabdll.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.105.128.40,200.105.128.41
O21 - SSODL: WebExtLocation - {FE2DB5FF-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\SYSTEM\winfghert.dll

how can i disable it?
tks

SpyDie · « **Reply #1 on:** October 27, 2006, 01:04:06 PM »

Hi & welcome to the LandzDown forum.

Please run HijackThis and click "Scan." Place checks next to the following entries:

O21 - SSODL: WebExtLocation - {FE2DB5FF-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\SYSTEM\winfghert.dll

Close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis remove the entries you checked.

Restart the computer.

Tell me if this helps. Also, once back into Windows try and delete this file:

C:\WINDOWS\SYSTEM\winfghert.dll

Now, please follow these instructions in this topic. It has instructions on setting up and installing AVG Anti-Spyware;

http://www.landzdown.com/index.php?topic=1133.0

Please scan with AVG Anti-Spyare and post it's logfile here along with a new HijackThis logfile.

LandzDown Forum

News:

Author Topic: xcleaner indicates that I have "stealth spector" installed in my computer (Read 1236 times)

iretai

xcleaner indicates that I have "stealth spector" installed in my computer

SpyDie

Re: xcleaner indicates that I have "stealth spector" installed in my computer